User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
VPN
Configuring the SSL VPN
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 265
8
a route is added on the SSL VPN client in the Address field and the the
subnet mask for the destination network in the Netmask field, and then
click Add.
- Exclude Traffic: Allows you to exclude the destination networks on the
SSL VPN client. The traffic to the destination networks is redirected using
the SSL VPN clients native network interface (resolved through the
Internet Service Provider or WAN connection). To add a destination
subnet, enter the destination subnet to which a route is excluded on the
SSL VPN client in the Address field and the the subnet mask for the
excluded destination in the Netmask field, and then click Add.
- Exclude LAN: If you choose Exclude Traffic, click True to deny the SSL
VPN clients to access the local LANs over the VPN tunnel, or click False
to allow the SSL VPN clients to access the local LANs over the VPN
tunnel.
• Split DNS: Split DNS provides the ability to direct DNS packets in clear text
over the Internet to domains served through an external DNS (serving your
ISP) or through SSL VPN tunnel to domains served by the corporate DNS.
For example, a query for a packet destined for corporate.com would go
through the tunnel to the DNS that serves the private network, while a query
for a packet destined for myfavoritesearch.com would be handled by the
ISP's DNS. By default, this feature is configured on the SSL VPN gateway and
is enabled on the client. To use Split DNS, you must also have Split Tunneling
configured.
To add a domain to the Cisco AnyConnect VPN Client for tunneling packets
to destinations in the private network, end the domian name in the field and
then click Add. To delete a domain, select it from the list and click Delete.
STEP 6 In the Zone-based Firewall Settings area, you can control the access from the
SSL VPN clients to the zones over the SSL VPN tunnels. Click Permit to permit the
access, or click Deny to deny the access. By default, the access for all zones is
permitted.
NOTE The VPN access rules that are automatically generated by the zone-based
firewall settings will be added to the firewall access rule table with the
priority higher than the default firewall ACL rules, but lower than the custom
firewall ACL rules.
STEP 7 Click OK to save your settings.